First-depositor / share-inflation guard
Lista DAO's assessment for RD-F-075 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
MasterVault.sol custom vault: no virtual share offset, no explicit first-depositor seed deposit found in source, no floor-check on shares/assets ratio. Share calculation is `shares = _assessFee(amount, depositFee)` — a fixed fee deduction, not a ratio-based conversion tied to totalAssets. No _decimalsOffset override. No seed deposit evident in constructor or initializer. Under a scenario where all strategy funds are temporarily drained and a new depositor is first, share-inflation manipulation may be possible. Red: no first-depositor guard mechanism identifiable in source code.
Sources #
- GitHubMasterVault.sol — raw GitHub sourceMasterVault.sol raw source analysis: inheritance chain OwnableUpgradeable + PausableUpgradeable + ReentrancyGuardUpgradeable; share calculation _assessFee(amount, depositFee); no virtual share offset; no seed deposit in constructor/initializer; no first-depositor guardretrieved 2026-05-12
- lista-dao-contracts package.jsonpackage.json OZ 4.6.0 — pre-4.9, no virtual share offset patch available even if ERC-4626 were usedretrieved 2026-05-12
Methodology #
Determine whether the vault has a first-depositor guard (seed deposit on deploy, virtual-share offset, or floor-check).
See the full factor methodology and distribution across all protocols →